Does the DMCA require Internet disconnections?

A small American ISP starts disconnecting some users for six months for …

Torrentfreak ran an article last week about a small US Internet provider called Suddenlink, which apparently disconnects its users for six months after receiving three copyright infringement allegations. When a customer was disconnected and asked the reason, he was told that the Digital Millennium Copyright Act (DMCA) requires it. But does it?

"The explanation given above is pure nonsense of course," said Torrentfreak. "The DMCA does not and never has required ISPs to disconnect users. For some reason Suddenlink customer support was told to communicate this lie to its users."

Over at DSL Reports, astute industry observer Karl Bode makes a similar claim: "Of course the support agent is simply reading from the script, and the script is wrong. Absolutely nowhere in the DMCA does it require that ISPs terminate user connections, and any ISP that's doing so is doing so voluntarily.

These explanations are technically true; the DMCA does not require this. But the DMCA did create the idea of "safe harbors" for ISPs, so Internet providers could not generally be held accountable for the actions of their users. For fairly obvious reasons involving the desire not to get sued, every ISP in the country wants such a safe harbor, and wants it badly.

The conditions for these safe harbors get fairly technical, and they're all found in section 512 of US copyright law. Near the end of that section we find the "conditions for eligibility," and we learn that ISPs only qualify for a safe harbor if they do two things. First up: an ISP must have "adopted and reasonably implemented, and informs subscribers and account holders of the service provider's system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider's system or network who are repeat infringers."

Now, it's worth noting what's not said here. ISPs don't have to terminate based on mere allegations, and they don't have to terminate after "three strikes." They can essentially implement any policy they like, so long as they will disconnect repeat infringers at some point in time.

So it's true that Suddenlink isn't required to terminate users, but the company is correct that disconnections are part of the bill and are necessary to maintain a safe harbor. Without such a safe harbor, Suddenlink could find itself repeatedly targeted for infringement based on its users' behavior. The disconnection requirement, then, is a de facto though not a de jure requirement—but that still doesn't mean that company has any obligation to act in cases where a judge has never ruled.